28 matches found
Open WebUI Security Vulnerability
Open WebUI is an extensible, feature-rich, and user-friendly open-source self-hosted WebUI. Versions of Open WebUI prior to 0.9.3 contained a security vulnerability. This vulnerability stemmed from the channel webhook creation/update process accepting arbitrary profileimageurl values,...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-6861)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-6861 advisory. - A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs...
EUVD-2019-19100
Malware in sbrugna...
EUVD-2015-3016
Malware in sbrugna...
batik: Server-Side Request Forgery vulnerability
A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as parameter to a URL. This issue can allow an attacker to conduct SSRF attacks...
DEBIAN-CVE-2022-44730
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...
SUSE CVE-2015-2710
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence...
SUSE CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
Upload Cross-Site Scripting Vulnerability
Upload is a file upload extension by the individual developers of FriendsOfFlarum. A cross-site scripting vulnerability exists in Upload versions 0.1.0 through 1.2.2, which stems from insufficient cleaning of user-supplied data in SVG files in fof/upload. A remote attacker can exploit this...
python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through
There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's HTML Cleaner may be able to trigger script execution in clients such as web browsers. This can...
UBUNTU-CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
PYSEC-2021-852
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
GHSA-55X5-FJ6C-H6M8 lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through
Impact The HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5. Patches The issue has been resolved in lxml 4.6.5...
lxml Injection Vulnerability
lxml is a library by an individual developer that is used with Python for locating elements in HTML. An injection vulnerability exists in versions of lxml prior to 4.6.5, which stems from the fact that HTML Cleaner allows the passage of certain carefully crafted scripted content, as well as scripted...
CVE-2019-9738
jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the 'EMBED SRC="data:image/svg+xml' substring...
CVE-2017-7837
SVG loaded through "" tags can use "" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox 57...
Mozilla: Out-of-bounds read in HTML parser following a failed allocation (MFSA 2016-34)
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTM...
CVE-2015-2931
Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...